On Thu, May 21, 2020 at 1:48 PM Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> wrote: > Support secmark tests that require nftables version 9.3 or greater and > kernel 4.20 or greater. > > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> > --- > V2 Change: > Use common tests for iptables/nftables > V3 Change: > Use function > V4 Changes: > Add nftables to README for Debian > Use nft -c to determine if SECMARK supported > V5 Change: > Remove kernel check > > README.md | 7 ++- > tests/inet_socket/nftables-flush | 2 + > tests/inet_socket/nftables-load | 74 +++++++++++++++++++++++++ > tests/inet_socket/test | 95 +++++++++++++++++++------------- > tests/sctp/nftables-flush | 2 + > tests/sctp/nftables-load | 68 +++++++++++++++++++++++ > tests/sctp/test | 88 +++++++++++++++++------------ > 7 files changed, 263 insertions(+), 73 deletions(-) > create mode 100644 tests/inet_socket/nftables-flush > create mode 100644 tests/inet_socket/nftables-load > create mode 100644 tests/sctp/nftables-flush > create mode 100644 tests/sctp/nftables-load Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel, Red Hat, Inc.
